Claims: 



1. For a data processing system comprising a database, the database comprising 
classified table elements, the data processing system coupled to a classification engine 
adapted to provide indicators of approval or non-approval to permit, for a request associated 
with a requestor, access to contents of the classified table elements, a method for retrieving 
data from the classified table elements, the method comprising the steps of: 

receiving the request, from the requestor, to access the contents of the classified table 
elements; 

for each classified table element, asking the classification engine to provide an 

indication of whether the requestor associated with the request is to be permitted 

access to the contents of the respective classified table element; and 

accessing the contents of each classified table element for which an approval 

indicator is received from the classification engine, the approval indicator indicating 

that the requestor is permitted to access the contents of the respective classified table 

element; 

wherein the asking step comprises sending the request to the classification engine 
coupled to the data processing system. 

2. The method of claim 1, further comprising the steps of: 

providing, to the requestor, access to the contents of each classified table element for 
which an approval indicator is received; and, 

denying, to the requestor, access to the contents of each classified table element for 
which a non-approval indicator is received from the classification engine, the non- 
approval indicator indicating that the requestor is not permitted to access the contents 
of the respective classified table element. 

3. The method of claim 1, wherein: 

the classified table elements are included in a classified table contained in the 
database; 

each classified table element is associated with a respective classification label; and 
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the classification engine uses the classification label for each classified table element 
and a classification associated with the requestor in determining whether to provide 
the approval indicator and whether to provide the non-approval indicator for the 
respective classified table element. 

4. The method of claim 3, wherein the classified table element is a classified table row. 

5. The method of claim 4, further comprising the step of compiling the request received 
at the receiving step into a plurality of executable instructions, the executable instructions 
comprising added instructions for invoking the classification engine such that for each row 
of the classified table, arguments for at least one classification parameter are passed to the 
classification engine for use in generating one of the approval indicator and non-approval 
indicator for the respective row, where the arguments comprise both data stored in one or 
more classification columns of the table and data used to determine the classification 
associated with the requestor. 

6. The method of claim 5, wherein the classification engine is adapted to generate the 
indicators using a classification level derived by the classification engine for each row, the 
classification level being derived from data stored in the at least one classification column of 
each respective row in accordance with a column mapping scheme. 

7. The method of claim 1, wherein in the asking step, the classification engine is 
invoked through at least one processing exit in the data processing system. 

8. The method of claim 1, further comprising, before the asking step, the step of 
checking, for each classified table element, whether a decision cache contains one of an 
approval indicator and non-approval indicator associated therewith, and wherein the asking 
step is performed only when neither indicator is contained in said decision cache. 

9. A data processing system comprising a database, the database comprising classified 
table elements, the data processing system coupled to a classification engine adapted to 
provide indicators of approval or non-approval to permit, for a request associated with a 
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requestor, access to contents of the classified table elements, the data processing system 
comprising one or more modules programmed to perform the steps of: 

receiving the request, from the requestor, to access the contents of the classified table 

elements; 

for each classified table element, asking the classification engine to provide an 

indication of whether the requestor associated with the request is to be permitted 

access to the contents of the respective classified table element; and 

accessing the contents of each classified table element for which an approval 

indicator is received from the classification engine, the approval indicator indicating 

that the requestor is permitted to access the contents of the respective classified table 

element; 

wherein the asking step comprises sending the request to the classification engine 
coupled to the data processing system. 

10. The data processing system of claim 9, wherein the one or more modules are further 
programmed to perform the steps of: 

providing, to the requestor, access to the contents of each classified table element for 
which an approval indicator is received; and, 

denying, to the requestor, the copy of the accessed contents of each classified table 
element for which a non-approval indicator is received from the classification 
engine, the non-approval indicator indicating that the requestor is not permitted to 
access the contents of the respective classified table element. 

1 1 . The data processing system of claim 9, wherein: 

the classified table elements are included in a classified table contained in the 
database; 

each classified table element is associated with a respective classification label; and 
the classification engine uses the classification label for each classified table element 
and a classification associated with the requestor in determining whether to provide 
the approval indicator and whether to provide the non-approval indicator for the 
respective classified table element. 



CA9-2003-0104 



21 



12. The data processing system of claim 11, wherein the classified table element is a 
classified table row. 

13. The data processing system of claim 12, wherein the one or more modules are further 
programmed to perform the step of compiling the request received at the receiving step into 
a plurality of executable instructions, the executable instructions comprising added 
instructions for invoking the classification engine such that for each row of the classified 
table, arguments for at least one classification parameter are passed to the classification 
engine for use in generating one of the approval indicator and non-approval indicator for the 
respective row, where the arguments comprise both data stored in one or more classification 
columns and data used to determine the classification associated with the requestor. 

14. The data processing system of claim 12, wherein the classification engine is adapted 
to generate the indicators using a classification level derived by the classification engine for 
each row, the classification level being derived from data stored in the at least one 
classification column of each respective row in accordance with a column mapping scheme. 

15. The data processing system of claim 9, wherein in the asking step, the classification 
engine is invoked through at least one processing exit in the data processing system. 

16. The data processing system of claim 9, wherein the one or more modules are further 
programmed to perform, before the asking step, the step of checking, for each classified 
table element, whether a decision cache contains one of an approval indicator and non- 
approval indicator associated therewith, and wherein the asking step is performed only when 
neither indicator is contained in said decision cache. 

17. For a data processing system comprising a database, the database comprising 
classified table elements, the data processing system coupled to a classification engine 
adapted to provide indicators of approval or non-approval to permit, for a request associated 
with a requestor, access to contents of the classified table elements, a computer-readable 
medium containing instructions for perform a method for retrieving data from the classified 
table elements, the method comprising the steps of: 
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receiving the request, from the requestor, to access the contents of the classified table 
elements; 

for each classified table element, asking the classification engine to provide an 

indication of whether the requestor associated with the request is to be permitted 

access to the contents of the respective classified table element; and 

accessing the contents of each classified table element for which an approval 

indicator is received from the classification engine, the approval indicator indicating 

that the requestor is permitted to access the contents of the respective classified table 

element; 

wherein the asking step comprises sending the request to the classification engine 
coupled to the data processing system. 

18. The computer-readable medium of claim 17, the method further comprising the steps 
of: 

providing, to the requestor, access to the contents of each classified table element for 
which an approval indicator is received; and, 

denying, to the requestor, access to the contents of each classified table element for 
which a non-approval indicator is received from the classification engine, the non- 
approval indicator indicating that the requestor is not permitted to access the contents 
of the respective classified table element. 

19. The computer-readable medium of claim 17, wherein: 

the classified table elements are included in a classified table contained in the 
database; 

each classified table element is associated with a respective classification label; and 
the classification engine uses the classification label for each classified table element 
and a classification associated with the requestor in determining whether to provide 
the approval indicator and whether to provide the non-approval indicator for the 
respective classified table element. 

20. The computer-readable medium of claim 19, wherein the classified table element is a 
classified table row. 
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21. The computer-readable medium of claim 20, the method further comprising the step 
of compiling the request received at the receiving step into a plurality of executable 
instructions, the executable instructions comprising added instructions for invoking the 
classification engine such that for each row of the classified table, arguments for at least one 
classification parameter are passed to the classification engine for use in generating one of 
the approval indicator and non-approval indicator for the respective row, where the 
arguments comprise both data stored in one or more classification columns of the table and 
data used to determine the classification associated with the requestor. 

22. The computer-readable medium of claim 21, wherein the classification engine is 
adapted to generate the indicators using a classification level derived by the classification 
engine for each row, the classification level being derived from data stored in the at least one 
classification column of each respective row in accordance with a column mapping scheme. 

23. The computer-readable medium of claim 17, wherein in the asking step, the 
classification engine is invoked through at least one processing exit in the data processing 
system. 

24. The computer-readable medium of claim 17, further comprising, before the asking 
step, the step of checking, for each classified table element, whether a decision cache 
contains one of an approval indicator and non-approval indicator associated therewith, and 
wherein the asking step is performed only when neither indicator is contained in said 
decision cache. 
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